CVE-2021-29529 log

Severity Low
Remote No
Type Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the implementation( computes two integers (representing the upper and lower bounds for interpolation) by ceiling and flooring a floating point value. For some values of `in`, `interpolation->upper[i]` might be smaller than `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is capped at `in_size-1` as it means that `interpolation->lower[i]` points outside of the image. Then, in the interpolation code(, this would result in heap buffer overflow.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed